The identity management benefits of single sign on technology

Nick Lamidey of Evidian explains single sign-on and how it can provide benefits to organisations in terms of both identity and access management for improved security

Rudyard Kipling perfectly described the ideal security compliance situation in his famous poem, "The Elephant's Child":

"I keep six honest serving-men
(They taught me all I knew)
Their names are What and Why and When
And How and Where and Who".

Unfortunately, these 6Ws are easy to ask, but not to answer. Getting accurate compliance information on who logged into what applications when, where, and for how long is difficult. People log on using other people's details; they don't log off; users share PCs in busy areas.

All of which presents huge security risks to organisations. Applications are left open to unauthorised viewers. Passwords are shared, or get written on notes stuck to the PC.

It's also a compliance nightmare, as it becomes impossible to link the real user with the user ID that is logged into the application - an issue that's particularly key in the health sector.

So why has this situation arisen? There are two main reasons. First, the increase in the number of essential software apps. Each demands its own level of security, typically a user ID and password.

This is simple enough when you have just one or two apps. But in hospitals, staff may need to use anything up to 15 applications, each needing its own password. In a busy environment like A&E, should staff really be expected to log in and out of all 15 applications systematically?

Second, there's user willingness. People will always want to save time, and they can't be blamed for that. In an ideal world, we would all comply 100% with security policies.

But in practice, given the choice between doing their work and spending the next two minutes logging the previous user off a PC and then logging back in, most users would focus on the work. Isn't this just trying to make the best use of time?

The answer to these application and user issues is common to most security problems: automate the process. If the log-in / log-out process is made easy and transparent, then users will comply with policies - especially if that solution cannot be tampered with or bypassed, and more so if it can keep a log of user access for compliance purposes.

This is what advanced enterprise single sign on (E-SSO) solutions do. These secure access to all types of corporate application, acting as a central gatekeeper for all business applications, replacing the need for users to remember multiple passwords. Users simply need to retain one password to verify their identity.

SSO can also work with smartcard-based or biometric solutions for additional identity verification, and access is authorised according to existing security policies and enterprise directories.

So how does this deliver benefits? First, it makes logging in and out easy for users. When the user signs in, they can be signed in to all the apps they are authorised to use at once, instead of entering a password for each in turn. And the reverse when they log out - saving time and boosting productivity.

Second, it drastically cuts the number of calls to IT support for forgotten passwords, or resets - because there's only one password to remember. Even if the user does forget, advanced solutions include a self-service password reset function.

A real-life example is Winchester and Eastleigh Healthcare NHS Trust, which has rolled out Evidian E-SSO to its 2500 users. E-SSO will simplify access to 14 key healthcare applications, enabling clinical and clerical staff to log in with a single user ID and password. Previously, users would have to log into each application separately, and remember multiple passwords.

The Trust says that, as staff need only log in once to carry out essential daily activities, time and resources are freed up to focus on patient care, without having to juggle passwords. It also provides a complete audit trail of application access across the organisation.

Also, around 15% of all IT support calls logged were password-related, but with this largely eliminated, the Trust has been able to reduce first-line IT support by 20%, enabling resources to be redeployed.

So single sign on can boost user productivity, enhance security, help to automate policy adherence, and what's more it can directly save IT and compliance management costs. Those are benefits well worth signing on for.